Configuring an External Certificate

Configuring Security Settings : Configuring an External Certificate

You configure external certificates under Administration > Security: External Certificate. The External Certificates page displays the certificate details.

The external certificate must be enabled on both the SteelHead and the managing SteelCentral Controller for SteelHead appliances at the same time. Enabling this feature on only the SteelHead or only the SteelCentral Controller will result in the appliances disconnecting until the external certificate is enabled on both.

These configuration options are available under External certificate configuration:

Enable the external certificate

Add the external certificate first before selecting this check box then click Apply.

The following options are available under Certificate:

Details:

Issued To/Issued By

Specifies these options:

• Common Name—Specifies the common name of the certificate authority.

• Email—Specifies the organization email.

• Organization—Specifies the organization name (for example, the company).

• Locality—Specifies the city.

• State—Specifies the state.

• Country—Specifies the country.

Validity

Specifies these options:

• Issued On—Specifies the date the certificate was issued.

• Expires On—Specifies the date the certificate expires.

Signature Algorithm

Specifies the signature algorithm.

Fingerprint

Specifies the SSL fingerprint.

Key

Specifies these options:

• Type—Specifies the key type. The default value is RSA.

• Size—Specifies the key size. The default value is 2048.

To view the certificate in PEM format, under Certificate, select the PEM tab. The certificate appears in PEM format.

Import

Imports the certificate and key. The page displays controls for browsing to and uploading the certificate and key files. You can also use the text box to copy and paste a PEM file. The private key is required regardless of whether you’re adding or updating the certificate.

Certificate

Specifies the action:

• Upload—Browse to the local file in PKCS-12, PEM, or DER formats.

• Paste it here (PEM)—Copy and then paste the contents of a PEM file.

To generate a CSR, under Certificate, select the Generate CSR tab and complete these configuration options:

Common Name (required)

Specifies the common name (hostname) of the peer.

Organization Name

Specifies the organization name (for example, the company).

Organization Unit Name

Specifies the organization unit name (for example, the section or department).

Locality

Specifies the city.

State

Specifies the state. Don’t abbreviate.

Country (2-letter code)

Specifies the country (2-letter code only).

Email Address

Specifies the email address of the contact person.

Generate CSR

Generates the Certificate Signing Request.